IT Security Blog

Fraudsters’ Opportunities in New Products

By

For every product that creates much public excitement, fraudsters get equally excited as they spot opportunities for defrauding unsuspecting consumers.  A much awaited product like the iPhone 5 is expected to create a long queue of customers waiting to get their hands on the first delivery.  It is quite common therefore for many eager-beavers to try to find a back-door to have one if purchasing from established points is difficult.

There is much pride in being one of the firsts to be seen in public using a highly-desired product.  Although the hype does not necessarily translate to product excellence, this fact rarely dampens the excitement for a new product especially if it is being raved about from all quarters.  This is exactly the attitude of consumers that fraudsters are looking out for to carry out their plans.

Fraudsters are on the look-out for deal seekers who intend to get their hands on a desired product at all cost.  These are the people who are more often willing to put caution to the wind and enter into deals that they believe will help them achieve their objective.  It is quite unfortunate that many people who want to be the first owners of a much-coveted product end up being the first victims by virtue of the desire to have such product.

A little patience goes a long way in ensuring that an excited consumer will not be tricked into entering a fraudulent transaction.  Many fraudsters will promise quick delivery and disappear forever after getting the money of unsuspecting buyers.  Others will opt for online scams by attracting consumers with emails containing hard-to-ignore deal offers for products, only to turn out to be phishing scams that effectively extract financial information from credit cards or bank accounts.

 

Fuzzing: What Is It?

By

A computer (credit: http://www.flickr.com/photos/amagill/

Fuzz testing may sound like a term far removed from the IT world, but fuzzing is a good way of discovering weaknesses in a network, application or server before others do. Fuzzing involves bombarding a program with randomly generated data to see if it’ll withstand the overload. If it fails, either by crashing or not executing a specific code, then there’s a defect you need to find and correct. Hackers can use fuzzing to find what bugs exist in an application, for example, a web browser, and then create specific code to exploit the application’s weaknesses. But if these bugs are discovered before they can be exploited then a way can be found to fix these exploitable bugs.

Testers can use fuzz testing to find out if the current software being used have easily exploitable vulnerabilities. It is probably the closest approximate to a real-world situation when data coming into a system or application doesn’t always follow validation rules. While fuzzing, testers keep a record of all the data they create, so it’s easy can keep track of what specifically caused any errors. It’s also relatively cheap to perform fuzz testing, and it can be used to compare the security of different programs and operating systems. Open source fuzzing tools and tests for different applications and systems are now available online. Though fuzzing doesn’t guarantee to find every error-producing event and bug that can occur on your system, it does give an idea of where intruders might try to attack. Errors like buffer overruns and attacks on cross-site scripting can be prevented by fuzz testing.

[tags]fuzzing,bugs,buffers,phishing,pharming,software,errors,intruders[/tags]

A Few Tips to Avoid Phishing

By

phishing example Chances are that when you open your inbox today you’ll find an e-mail claiming to be from your bank, an e-commerce site, or another online site you’ve visited. They might offer you an upgrade to your account, inform you that there’s been changes to their, and asks you to verify your account information. This could be a phishing attempt to get sensitive information like your personal information or passwords. Fortunately, you can avoid getting scammed by taking these precautions:

  • Be suspicious of any email with urgent requests for personal financial information. Phishers are getting more sophisticated in their attempts, so even if an e-mail appears to be legitimate, look for proof that it came from your e-commerce company. They should be personalized and carry information that only you and your company would know. They might show partial account numbers or other verification tools.
  • Use anti-virus software and a firewall, and keep them up to date. Phishers sometimes include script that can track your activities on the internet without your knowledge.
  • Never use the links in an e-mail to go to any webpage. Phishers will redirect you to a bogus site to trick you into logging in your account number and password. Log onto the website by typing in the web address to your browser. At the same time, never call any numbers in the e-mail. It could lead you to a VoIP provider that isn’t connected to your company at all.
  • Never fill out forms in e-mail messages asking for your personal financial information. Your e-commerce company would never ask you to send sensitive information in that manner.
  • Check your bank, credit, and debit card statements regularly to see if all your transactions are legitimate. Report any suspicious withdrawals immediately.
  • Finally, report the phishing attempt you received to your company and other anti-phishing groups.

[tags]phishing,spam,spoof emails,indentity theft,pharming,spam filtering[/tags]

Managing Your Passwords

By

passwordmanagerscreen.jpgAre you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Phishing for Personal Information

By

Phishing over the web can be typified with that of trying to get personal information for mischievous use. Receiving unsolicited emails coming from unknown origins which would make you believe that you have won something in a lottery or a sweepstakes contest are the common forms of phishing.

Gone Phishing

The people who send you these emails are merely after your personal information. They would get information such as credit card numbers, bank accounts, and other useful information to which they can use over the web, an open space of being able to transact with a lot of security breaches that most people know today.

Some would even provide links to certain pages which are professionally done, all the more deceiving a person that the offer is for real. But the next time you get such e-mails from an unknown source, all you have to do is just think about it for a second. How can you get such mails from someone or something that you don’t even remember joining? The rest is history.